Announcement

Collapse
No announcement yet.

Someone is creating new fake customers accounts

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Someone is creating new fake customers accounts

    Someone is creating new fake customers accounts over and over again. I am using the Shadows Theme - Anyway to stop this? Thanks
    http://www.invinciblemusic.com

    #2
    I wonder why someone would do this? Are you seeing any attempts to check out with these bogus accounts? Maybe some crook is trying to check the validity of stolen credit-card numbers.
    Kent Multer
    Magic Metal Productions
    http://TheMagicM.com
    * Web developer/designer
    * E-commerce and Miva
    * Author, The Official Miva Web Scripting Book -- available on-line:
    http://www.amazon.com/exec/obidos/IS...icmetalproducA

    Comment


      #3
      It's not a quick and simple fix, but you can remove the ability to create a new account from your site by pulling that code from any page template where it occurs and then installing the Phosphor Media Easy Account module, which allows automatic creation of account at the end of the purchase process. No new accounts created unless there is a purchase first. Added bonus is that it creates a more friendly checkout experience, IMHO.
      Todd Gibson
      Oliver + S | Sewing Patterns for Kids and the Whole Family

      Comment


        #4
        Originally posted by InvincibleRecordings View Post
        Someone is creating new fake customers accounts over and over again. I am using the Shadows Theme - Anyway to stop this? Thanks
        Would adding reCaptcha help? If it's a bot, perhaps?
        Leslie Kirk
        Miva Certified Developer
        Miva Merchant Specialist since 1997
        Previously of Webs Your Way
        (aka Leslie Nord leslienord)

        Email me: [email protected]
        www.lesliekirk.com

        Follow me: Twitter | Facebook | FourSquare | Pinterest | Flickr

        Comment


          #5
          Kent to answer your question they are not even entering many of the address lines, and what they do enter is all nonsense so it seems they are simply malicious. This could lead to a lot of data to remove at some point but maybe its no big deal and easy to do?. Oliverands - that Phosphor Media Easy Account seems like it could work. Wish is did not have the yearly fee (it is small - 20 bucks) though and having to change the basic Shadows workings is not a plus for me - makes the programming a lot more confusing going forward for hired programmers. I am not very good at programming and having things pretty stock does make things clearer.
          http://www.invinciblemusic.com

          Comment


            #6
            Leslie, it could be a bot but seems to program one for Miva Shadows would be hard. Not sure. They are using first names like MsxgKebyfzhV and everything else entered is just as ridiculous.
            http://www.invinciblemusic.com

            Comment


              #7
              Its a bot. Add reCapture or some other code to block it from filling out form.
              Bruce Golub
              Phosphor Media - "Your Success is our Business"

              Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
              phosphormedia.com

              Comment


                #8
                you could stop that ip address from creating any more accounts. Have a custom customer field that assignes the ip address on the account created page. Then on the creat account page do some code saying if s.remote_addr EQ that IP, dont display any fields for account creation. Even if they have a proxy, it will add another step in the system for them to need to automate or do by hand. Not a final solution but it might help slow the flood

                Comment


                  #9
                  Originally posted by Beefy Nugget View Post
                  you could stop that ip address from creating any more accounts. Have a custom customer field that assignes the ip address on the account created page. Then on the creat account page do some code saying if s.remote_addr EQ that IP, dont display any fields for account creation. Even if they have a proxy, it will add another step in the system for them to need to automate or do by hand. Not a final solution but it might help slow the flood
                  That's a very interesting technique, but may not work based on how the bot is created, many rotate through IP addresses on each attempt. But this would probably stop 'script kiddy' type efforts as those bots are rarely effective at doing anything other than being annoying.
                  Bruce Golub
                  Phosphor Media - "Your Success is our Business"

                  Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
                  phosphormedia.com

                  Comment


                    #10
                    Anyone able to add reCapture to my site? They started doing it again.
                    http://www.invinciblemusic.com

                    Comment


                      #11
                      If you know anything about how Miva works the only way to stop a bot would be a module. Front side code on some random page won't work.
                      Colin Puttick
                      Miva Web Developer @ Glendale Designs

                      Comment


                        #12
                        Not sure I follow what you are saying Colin. Bots are exploiting HTML/HTTP/CGI variables and processes. Most of those processes (at least the ones that matter) are controllable at the SMT level...so, a 'module' wouldn't be required. It might make it simpler, but I don't see how it would be required.
                        Bruce Golub
                        Phosphor Media - "Your Success is our Business"

                        Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
                        phosphormedia.com

                        Comment


                          #13
                          Any "Action" that gets sent to a page gets done before the page template runs anyways (most of the time) so, for example, you can add a product to your cart from the OCST page and end up on the OCST page. I don't want to post anymore. Obviously somebody already has something programmed in and is passing it around the 'Net for bots and the like. I'm going to put in programming into the HTML PROFILE SMT code but I think that's still not the best solution. An alternate or modified merchant.mvc would be my best idea - I don't do that kind of programing though.
                          Colin Puttick
                          Miva Web Developer @ Glendale Designs

                          Comment


                            #14
                            You can create a completly blank page in Miva and send the right form post to it and you can make an account, add to cart, etc etc.

                            The only way I was able to stop a bot today was though htaccess but that's not going to last forever.

                            I see that merchant.mv is in the LSK so in theory one could edit and compile that with some blocking stuff. I see this being a not good idea.... but I don't know what else to do. There are hundreds of thousands of spam customer accounts being created on multiple sites.
                            Colin Puttick
                            Miva Web Developer @ Glendale Designs

                            Comment


                              #15
                              Have you been able to identify the culprit yet? If it's a bot, "disallow" from login page on your robots.txt file. This will at the very least accomplish one thing, is it intentional.
                              Thank you, Bill Davis

                              Comment

                              Working...
                              X